hi, i want to use the LdapLoginModule, but not to get roles from ldap. The problem I have that while the user is authenticated fine, it fails to be authorized against the security constraints in web.xml.
i have a <security-constraint> with <web-resources-collections> i've tried not using <auth-constraint>, using an empty one and using one with an empty role. all fail the strangest failure is when there are no roles in <auth-constraint> i get a message: 005-11-23 18:27:52,022 TRACE [JBossSecurityMgrRealm] (http-0.0.0.0-80-Processor2:) User: qrm is NOT authorized, requiredRoles=[], userRoles=[] seems to me that if the requiredRoles are empty, the user should be authorized. i'm using jboss 3.2.6 thanx, ittay View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3908743#3908743 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3908743 ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
